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3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 
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Detailed Action 

Claim Objections 

Claims 2, 7, 12, 17, 22 and 27 are objected to because of the following 
informalities: the phrase "and epoch" is believed to be a mistake and should read, "an 
epoch." Appropriate correction is required. 

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 16-30 fail to fall within a statutory category of invention. It is directed to 
the program itself, not a process occurring as a result of executing the program, a 
machine programmed to operate in accordance with the program, nor a manufacture 
structurally and functionally interconnected with the program in a manner which enables 
the program to act as a computer component and realize its functionality. It's also 
clearly not directed to a composition of matter. Therefore, it's non-statutory under 35 
USC 101. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 
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(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1-30 rejected under 35 U.S.C. 102(b) as being anticipated by "Network 
Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol 
Semantics," by Mark Handley and Vern Paxson, hereafter referred to as Handley. 

1 . With regards to claims 1 , 6, 1 1 , 16, 21 and 26, Handley teaches a method of 
blocking attacks on a protected computer network, comprising: receiving a 
plurality of packets from a network, each said packet having a packet time to live 
(TTL) value and belonging to a corresponding packet flow (equivalent to the 
normalizer receiving packets; see p. 6, right column, item 3, Handley); storing the 
smallest packet TTL value received from each said corresponding packet flow; 
and prior to transmitting each said packet, setting said packet TTL value to said 
smallest packet TTL value received for said corresponding packet flow (Handley 
discloses the decreasing the TTL as claimed; see p. 9, left column, TTL solution 
#3, Handley). 

2. With regards to claims 2, 7, 12, 17, 22 and 27 Handley teaches the method 
wherein said storing the smallest packet TTL value comprises: associating an 
epoch with said stored smallest packet TTL value; and if said epoch is greater 
than a predefined value, discarding said stored smallest packet TTL value 
(equivalent to the restoring TTL disclosed by Handley; see p. 9, left column, 
"Effect on semantics, " Handley). 
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3. With regards to claims 3, 8, 13, 18, 23 and 29, Handley teaches the method 
further comprising periodically resetting said stored smallest packet TTL value to 
a maximum value (such steps are performed by the normalizerin Handley's 
disclosure; see p. 16, right column, item 21, Handley). 

4. With regards to claims 4, 9, 14, 19, 24 and 29, Handley teaches the method 
wherein said setting said packet TTL value comprises: determining if said 
corresponding packet flow is on an unrestricted list; and if said corresponding 
packet flow is on said unrestricted list, setting said packet TTL value to a 
maximum value (Handley's design sets the TTL large to allow the packet to travel 
unrestricted by time; see p. 4, right column, 4 th paragraph, Handley). 

5. With regards to claims 5, 10, 15, 20, 25 and 30, Handley teaches the method 
wherein said setting said packet TTL value comprises: determining if said 
corresponding packet flow is on an unrestricted list; and if said corresponding 
packet flow is on said unrestricted list, leaving said packet TTL value unchanged 
(seep. 15, left column, first paragraph, Handley). 



Conclusion 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to AZIZUL CHOUDHURY whose telephone number is 
(571)272-3909. The examiner can normally be reached on M-F. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jason Cardone can be reached on (571) 272-3933. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

AC 



/Jason D Cardone/ 
Supervisory Patent Examiner, Art Unit 2145 



